Absence of emergency pause mechanism across all contracts leads to inability to halt operations during active exploits
Neither Bridge, KeyLogRegistry, nor any token contract inherits PausableUpgradeable, so an active exploit can only be stopped by a full upgrade, which requires preparation time and an uncompromised owner key.
Description
Neither Bridge, KeyLogRegistry, nor any token contract inherits from PausableUpgradeable. There is no circuit breaker anywhere in the system, which is particularly significant given the protocol's specific risk profile.

During an active exploit, or after a vulnerability is discovered but before a fix is ready, the protocol has no way to immediately halt operations. The only available response is a full contract upgrade, which requires time to prepare and an uncompromised owner key; neither may be available during an emergency, and if the owner key is what was compromised, the upgrade path is itself the attacker's tool rather than the defender's.
Recommendation
Add PausableUpgradeable to both Bridge and KeyLogRegistry with whenNotPaused on critical state-changing functions (registerKeyPairWithTransfer, registerKeyLog, registerKeyLogPair, transferBalanceToLatestKey, upgradeWithKeyRotation, unwrap).

Consider introducing a separate guardian role (e.g., a multisig) with the ability to pause but not upgrade, providing defense-in-depth if the owner key is compromised.
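The following is an added example, not the audited project's code, of the pattern the recommendation describes: a UUPS-upgradeable contract with PausableUpgradeable, a GUARDIAN_ROLE that can pause and unpause but cannot upgrade, and whenNotPaused on the user-facing state changes. The contract name, the keyLog and wrapped mappings, the wrap function and the function bodies are hypothetical stand-ins for the real Bridge and KeyLogRegistry storage; the import paths assume OpenZeppelin Contracts Upgradeable v5.x.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the audited project's code). Import paths assume
// OpenZeppelin Contracts Upgradeable v5.x; in v4 PausableUpgradeable lives
// under security/ instead of utils/.
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {PausableUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/PausableUpgradeable.sol";
import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";

contract PausableBridgeExample is
    Initializable,
    PausableUpgradeable,
    AccessControlUpgradeable,
    UUPSUpgradeable
{
    // Guardian (e.g. a multisig) may pause/unpause. Only DEFAULT_ADMIN_ROLE,
    // held by the owner, may authorize an upgrade.
    bytes32 public constant GUARDIAN_ROLE = keccak256("GUARDIAN_ROLE");

    // Hypothetical state standing in for the real bridge / key-log storage.
    mapping(bytes32 => bytes32) public keyLog;   // keyId => previous keyId
    mapping(address => uint256) public wrapped;  // wrapped balance per account

    event KeyLogRegistered(bytes32 indexed keyId, bytes32 indexed prevKeyId);
    event Wrapped(address indexed account, uint256 amount);
    event Unwrapped(address indexed account, uint256 amount);

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        _disableInitializers(); // the implementation itself can never be initialized
    }

    function initialize(address owner, address guardian) external initializer {
        __Pausable_init();
        __AccessControl_init();
        __UUPSUpgradeable_init();
        _grantRole(DEFAULT_ADMIN_ROLE, owner);
        _grantRole(GUARDIAN_ROLE, guardian);
    }

    // ---- circuit breaker: the guardian can halt the system but cannot upgrade it ----
    function pause() external onlyRole(GUARDIAN_ROLE) {
        _pause();
    }

    // Deliberately not gated by whenNotPaused; otherwise it could never execute.
    function unpause() external onlyRole(GUARDIAN_ROLE) {
        _unpause();
    }

    // ---- critical state-changing paths, frozen while paused ----
    function registerKeyLog(bytes32 keyId, bytes32 prevKeyId) external whenNotPaused {
        require(keyId != bytes32(0), "zero key");
        require(keyLog[keyId] == bytes32(0), "key already registered");
        keyLog[keyId] = prevKeyId;
        emit KeyLogRegistered(keyId, prevKeyId);
    }

    // Hypothetical credit path, so that unwrap has something to release.
    function wrap(uint256 amount) external whenNotPaused {
        wrapped[msg.sender] += amount;
        emit Wrapped(msg.sender, amount);
    }

    function unwrap(uint256 amount) external whenNotPaused {
        require(wrapped[msg.sender] >= amount, "insufficient wrapped balance");
        wrapped[msg.sender] -= amount;
        emit Unwrapped(msg.sender, amount);
    }

    // ---- upgrade authority stays with the owner and is NOT gated by
    // whenNotPaused, so a fixed implementation can ship while halted ----
    function _authorizeUpgrade(address newImplementation)
        internal
        override
        onlyRole(DEFAULT_ADMIN_ROLE)
    {}
}
```

Two points worth checking when retrofitting this onto already-deployed proxies: pause, unpause and _authorizeUpgrade must not themselves carry whenNotPaused, or a pause becomes permanent and blocks the very upgrade it was meant to buy time for; and adding a new parent contract to an existing upgradeable contract changes the storage layout unless that parent uses namespaced (ERC-7201) storage, as OpenZeppelin v5's PausableUpgradeable does. With v4-style contracts, insert the new parent after existing state variables or validate the layout with the OpenZeppelin upgrades plugin before deploying.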
Resolution
YadaCoin, Confirmed. Implemented an upgrade-based approach with bridge-only upgrade gates and atomic multi-contract upgrades via upgradeWithKeyRotation, providing emergency response capability.
Zealynx, Fixed. Verified the upgrade refactor after identifying and resolving revert issues in the initial implementation where all four upgrade paths were reverting.